Re: [Samba] Samba w/o local users on Samba server?
On Mon, Jun 06, 2005 at 12:08:49PM -0600, John H Terpstra wrote: What you are asking is: Can a Samba server be a domain member server or client in a Windows NT4 domain, or in an Active Directory domain? Yes and no. If we don't want to have a Windows-based server in the picture, it looks like I'll need to configure a(nother) Samba server as a PDC in order for the first one to join a domain. I'll give that a try anyway ( and come back with more detailed questions later - if there are any. ;-) Suggest you refer to chapter 7 of the book Samba-3 by Example (aka. Samba-Guide). This chapter deals exclusively with this subject. I'll do that. Thanks! You can obtain a copy of this book from: http://www.samba.org/samba/docs/Samba-Guide.pdf Wow: June 6th, now June 9th; you're really keeping your documentation up-to-(almost-today's-)date. The information you provide above does not identify which of our documentation is deficient. Don't worry, I didn't say it was defincient. All I said is that AFAICS you always need to have local Linux/Unix users (and groups) with User Level security. | Currently domain level security in Samba does not free you from | having to create local UNIX users to represent the users attached to | your server. (...) from: The Official Samba-3 HOWTO and Reference Guide, 1st printing, p.74 Thanks for your reply! Cheers, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba w/o local users on Samba server?
Hi everyone, is it possible to have a Samba server without creating local accounts for users on that server? Share level security doesn't count though. ;-) The idea is not to need to create and update users on the Samba server itself (i.e. no local users, no entries in /etc/passwd, etc). The documentation says something about Domain and ADS level security being basically just forms of user level security, so - for the moment- it looks to me as if there's no way around creating those local users. Is that correct? Wondering, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba w/o local users on Samba server?
Robert Schuettler wrote: Hi everyone, is it possible to have a Samba server without creating local accounts for users on that server? Share level security doesn't count though. ;-) The idea is not to need to create and update users on the Samba server itself (i.e. no local users, no entries in /etc/passwd, etc). The documentation says something about Domain and ADS level security being basically just forms of user level security, so - for the moment- it looks to me as if there's no way around creating those local users. Is that correct? I can't say for certain, I believe it's possible, if you use ACLs on your file system. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba w/o local users on Samba server?
On Monday 06 June 2005 16:37, Robert Schuettler wrote: Hi everyone, is it possible to have a Samba server without creating local accounts for users on that server? Share level security doesn't count though. ;-) The idea is not to need to create and update users on the Samba server itself (i.e. no local users, no entries in /etc/passwd, etc). The documentation says something about Domain and ADS level security being basically just forms of user level security, so - for the moment- it looks to me as if there's no way around creating those local users. Is that correct? Wondering, Robert It is possible to authenticate against an active directory or a samba PDC, these are the only ways that I know of for you to avoid adding local users, and do a sort of pass through auth. Hope that helps, H pgpzDNnD2VJXV.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba w/o local users on Samba server?
The documentation says something about Domain and ADS level security being basically just forms of user level security, so - for the moment- it looks to me as if there's no way around creating those local users. Is that correct? nss_ldap or nss_winbind signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba w/o local users on Samba server?
On 6/6/05, Robert Schuettler [EMAIL PROTECTED] wrote: Hi everyone, is it possible to have a Samba server without creating local accounts for users on that server? Share level security doesn't count though. ;-) The idea is not to need to create and update users on the Samba server itself (i.e. no local users, no entries in /etc/passwd, etc). The documentation says something about Domain and ADS level security being basically just forms of user level security, so - for the moment- it looks to me as if there's no way around creating those local users. Is that correct? Not quite, but you can save a few steps if you have some easy dynamic way to create maintain the local users. We do linux auth against ADS with a combination of winbind, kerberos, pam_mkhomedir (to auto make the home dir), and pam_mount (to mount/unmount the shares automatically without the user needing root access, and no prior modifications to fstab). With that we have what you want, but it was pretty hard to set up. (I didn't do it--it was our genius network admin doing a ton of reading and a lot of trial and error. But we're not the only ones who've done it.) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba w/o local users on Samba server?
On Monday 06 June 2005 09:37, Robert Schuettler wrote: Hi everyone, is it possible to have a Samba server without creating local accounts for users on that server? Share level security doesn't count though. ;-) The idea is not to need to create and update users on the Samba server itself (i.e. no local users, no entries in /etc/passwd, etc). The documentation says something about Domain and ADS level security being basically just forms of user level security, so - for the moment- it looks to me as if there's no way around creating those local users. Is that correct? Wondering, Robert What you are asking is: Can a Samba server be a domain member server or client in a Windows NT4 domain, or in an Active Directory domain? The answer is: Yes! Of course! Suggest you refer to chapter 7 of the book Samba-3 by Example (aka. Samba-Guide). This chapter deals exclusively with this subject. You can obtain a copy of this book from: http://www.samba.org/samba/docs/Samba-Guide.pdf The information you provide above does not identify which of our documentation is deficient. Please help use to improve the quality and suitability of our documentation where it is inadequate. You can assist us by providing clear and unabiguous feedback regarding the documentation you have reviewed and specfically what information you need that is not addressed. Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba w/o local users on Samba server?
On 6/6/05, Matt Morgan [EMAIL PROTECTED] wrote: On 6/6/05, Robert Schuettler [EMAIL PROTECTED] wrote: Hi everyone, is it possible to have a Samba server without creating local accounts for users on that server? Share level security doesn't count though. ;-) The idea is not to need to create and update users on the Samba server itself (i.e. no local users, no entries in /etc/passwd, etc). The documentation says something about Domain and ADS level security being basically just forms of user level security, so - for the moment- it looks to me as if there's no way around creating those local users. Is that correct? Not quite, but you can save a few steps if you have some easy dynamic way to create maintain the local users. We do linux auth against ADS with a combination of winbind, kerberos, pam_mkhomedir (to auto make the home dir), and pam_mount (to mount/unmount the shares automatically without the user needing root access, and no prior modifications to fstab). With that we have what you want, but it was pretty hard to set up. (I didn't do it--it was our genius network admin doing a ton of reading and a lot of trial and error. But we're not the only ones who've done it.) Oh, I just read John Terpstra's response and realize that the OP was asking about servers. I, of course, described how we do it for clients (linux desktops on an ADS network). So, don't take my advice in this case! (but pam_mkhomedir and pam_mount are really, really cool). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba